“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-
What is HMAC (Hash-Based Message Authentication Code)?
Hash-based message authentication code (HMAC) is a message encryption method that uses a cryptographic key with a hash function.
-
What is a compliance audit? (With an example checklist)
A compliance audit is critical for finding any potential compliance gaps in an organization’s operations. Here’s what companies can do to prepare for them.
-
SimpleHelp Support Software Attack
FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal vulnerability (CVE-2024-57727) affecting versions 5.5.7 and earlier.
-
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data (The Hacker News)
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox,
-
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets (The Hacker News)
A new malware campaign is exploiting a weakness in Discord’s invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. “Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers,” Check Point said in a technical report. “The attackers combined…
-
News brief: Gartner Security and Risk Management Summit recap
Check out the latest security news from the Informa TechTarget team.
-
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month (The Hacker News)
Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an “esoteric and educational programming style” that uses only a limited set of characters to write and execute…
-
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. “This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp
-
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk (The Hacker News)
Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCs to the edge. Security teams…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova